asyncrat | ecdafe824395e7c486a3b6f649f214ce225dcc4d0c9a0335abbe657418e029a8 | Triage

Sharing

General

Target

lossless scaling.zip
Size

16.6MB
Sample

250126-r9k99swjal
MD5

df2b1bbb948f2109070d0769b6438969
SHA1

a70dc3fa42aa39ef57772b4d32ecec9fda6deb00
SHA256

ecdafe824395e7c486a3b6f649f214ce225dcc4d0c9a0335abbe657418e029a8
SHA512

dba7bda84503c1763960c338b75860187e0d00ba91af359cad9b352408ffe4754ff3674ace6786e5d000074a54398a2f0bcfd346b96c371d556e28d36f13a088
SSDEEP

393216:41v8g2pRrG577KcrcT4Yhy8JK4sFX237hWS7GJTe:4yg0RrGZKcAHy8JK4syWSiJi

Score

10^/10

asyncrat default defense_evasion discovery execution rat trojan

Malware Config

Extracted

Family

asyncrat

Version

A 14

Botnet

Default

C2

3x3.casacam.net:303

Mutex

MaterxMutex_Egypt2

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  lossless scaling.zip
- Size
  
  16.6MB
- MD5
  
  df2b1bbb948f2109070d0769b6438969
- SHA1
  
  a70dc3fa42aa39ef57772b4d32ecec9fda6deb00
- SHA256
  
  ecdafe824395e7c486a3b6f649f214ce225dcc4d0c9a0335abbe657418e029a8
- SHA512
  
  dba7bda84503c1763960c338b75860187e0d00ba91af359cad9b352408ffe4754ff3674ace6786e5d000074a54398a2f0bcfd346b96c371d556e28d36f13a088
- SSDEEP
  
  393216:41v8g2pRrG577KcrcT4Yhy8JK4sFX237hWS7GJTe:4yg0RrGZKcAHy8JK4syWSiJi
Score

10^/10

asyncrat default defense_evasion discovery execution rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- UAC bypass
  defense_evasion trojan
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultdefense_evasiondiscoveryexecutionrattrojan